<!DOCTYPE html>
<html lang="en-US">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>Upcoming | Fairwinds Polaris Documentation</title>
    <meta name="generator" content="VuePress 1.7.1">
    <link rel="icon" href="/favicon.png">
    <script src="/scripts/modify.js"></script>
    <script src="/scripts/leadlander.js"></script>
    <meta name="description" content="Documentation for Fairwinds Polaris - audit and enforce Kubernetes best practices for your workloads">
    
    <link rel="preload" href="/assets/css/0.styles.db69974e.css" as="style"><link rel="preload" href="/assets/js/app.65b94829.js" as="script"><link rel="preload" href="/assets/js/3.0cb25b42.js" as="script"><link rel="preload" href="/assets/js/2.28adca5d.js" as="script"><link rel="preload" href="/assets/js/10.9d1a1701.js" as="script"><link rel="prefetch" href="/assets/js/11.d7eadcf0.js"><link rel="prefetch" href="/assets/js/12.85c0eab0.js"><link rel="prefetch" href="/assets/js/13.0487faf0.js"><link rel="prefetch" href="/assets/js/14.60ea393e.js"><link rel="prefetch" href="/assets/js/15.00f25aaa.js"><link rel="prefetch" href="/assets/js/16.cb0515ce.js"><link rel="prefetch" href="/assets/js/17.013e9969.js"><link rel="prefetch" href="/assets/js/18.a0fcb2d2.js"><link rel="prefetch" href="/assets/js/19.9fe045af.js"><link rel="prefetch" href="/assets/js/20.5bcacf34.js"><link rel="prefetch" href="/assets/js/21.2f58615f.js"><link rel="prefetch" href="/assets/js/22.90ebc6b9.js"><link rel="prefetch" href="/assets/js/4.be9896b6.js"><link rel="prefetch" href="/assets/js/5.665b3e6a.js"><link rel="prefetch" href="/assets/js/6.a5e340ed.js"><link rel="prefetch" href="/assets/js/7.dbd47d64.js"><link rel="prefetch" href="/assets/js/8.5a82b7c2.js"><link rel="prefetch" href="/assets/js/9.4f55b6b3.js">
    <link rel="stylesheet" href="/assets/css/0.styles.db69974e.css">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/" class="home-link router-link-active"><img src="/img/fairwinds-logo.svg" alt="Fairwinds Polaris Documentation" class="logo"> <span class="site-name can-hide">Fairwinds Polaris Documentation</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="https://github.com/FairwindsOps/polaris" target="_blank" rel="noopener noreferrer" class="nav-link external">
  View on GitHub
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav></div></header> <div class="sidebar-mask"></div> <aside class="sidebar"><nav class="nav-links"><div class="nav-item"><a href="https://github.com/FairwindsOps/polaris" target="_blank" rel="noopener noreferrer" class="nav-link external">
  View on GitHub
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav>  <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><a href="/" class="sidebar-heading clickable router-link-active open"><span>Polaris</span> <!----></a> <ul class="sidebar-links sidebar-group-items"><li><a href="/changelog/" aria-current="page" class="active sidebar-link">Changelog</a></li><li><a href="/code-of-conduct/" class="sidebar-link">Code of Conduct</a></li><li><a href="/contributing/" class="sidebar-link">Contributing</a></li></ul></section></li><li><section class="sidebar-group depth-0"><p class="sidebar-heading"><span>Ways to Run Polaris</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/dashboard/" class="sidebar-link">Dashboard</a></li><li><a href="/admission-controller/" class="sidebar-link">Admission Controller</a></li><li><a href="/infrastructure-as-code/" class="sidebar-link">Infrastructure as Code</a></li></ul></section></li><li><section class="sidebar-group depth-0"><p class="sidebar-heading"><span>Customization</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/customization/configuration/" class="sidebar-link">Configuration</a></li><li><a href="/customization/checks/" class="sidebar-link">Check Settings</a></li><li><a href="/customization/custom-checks/" class="sidebar-link">Custom Checks</a></li><li><a href="/customization/exemptions/" class="sidebar-link">Exemptions</a></li></ul></section></li><li><section class="sidebar-group depth-0"><p class="sidebar-heading"><span>Checks</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/checks/security/" class="sidebar-link">Security</a></li><li><a href="/checks/efficiency/" class="sidebar-link">Efficiency</a></li><li><a href="/checks/reliability/" class="sidebar-link">Reliability</a></li></ul></section></li></ul> </aside> <main class="page"> <div class="theme-default-content content__default"><h2 id="upcoming"><a href="#upcoming" class="header-anchor">#</a> Upcoming</h2> <ul><li>Standardize categories of checks into Security, Reliability, and Efficiency</li></ul> <h2 id="_1-2-1"><a href="#_1-2-1" class="header-anchor">#</a> 1.2.1</h2> <ul><li>Update date on dashboard footer</li></ul> <h2 id="_1-2-0"><a href="#_1-2-0" class="header-anchor">#</a> 1.2.0</h2> <ul><li>Add ability to audit a single workload</li> <li>Enable <code>pullPolicyAlways</code> by default</li> <li>Fix for finding parent resources</li></ul> <h2 id="_1-1-1"><a href="#_1-1-1" class="header-anchor">#</a> 1.1.1</h2> <ul><li>Show controller checks on dashboard</li> <li>Fix for orphaned pods w/ controller checks</li></ul> <h2 id="_1-1-0"><a href="#_1-1-0" class="header-anchor">#</a> 1.1.0</h2> <ul><li>Add namespace filter in UI</li> <li>Add priorityClass check</li> <li>Support reading from STDIN</li> <li>Ensure severity is set for all custom checks</li> <li>Support audit files which use \r or \r\n as newline character</li> <li>Add option to exempt an entire controller from checks via config file</li> <li>Fixed case where parent resources trigger error</li> <li>Fixed UI zero-state</li></ul> <h2 id="_1-0-3"><a href="#_1-0-3" class="header-anchor">#</a> 1.0.3</h2> <ul><li>Fixed case where parent resources trigger error</li> <li>Fixed dashboard link when <code>--base-path</code> is set</li></ul> <h2 id="_1-0-2"><a href="#_1-0-2" class="header-anchor">#</a> 1.0.2</h2> <ul><li>Fixed case where custom CRDs are not covered by RBAC</li></ul> <h2 id="_1-0-1"><a href="#_1-0-1" class="header-anchor">#</a> 1.0.1</h2> <ul><li>Added ARM binaries to releases</li></ul> <h2 id="_1-0-0"><a href="#_1-0-0" class="header-anchor">#</a> 1.0.0</h2> <h3 id="new-features"><a href="#new-features" class="header-anchor">#</a> New Features</h3> <ul><li>Added support for custom checks using JSON Schema</li> <li>Added support for arbitrary controllers, rather than a pre-configured set
<ul><li>removed support for <code>controllers_to_scan</code> in config</li></ul></li> <li>Added the ability to exempt a particular controller from a particular check.</li> <li>Docker image now includes the default config</li></ul> <h3 id="breaking-changes"><a href="#breaking-changes" class="header-anchor">#</a> Breaking Changes</h3> <ul><li>Breaking changes in both input and output formats. See <a href="https://github.com/FairwindsOps/polaris/tree/master/examples" target="_blank" rel="noopener noreferrer">Examples<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> for examples of the new formats.
<ul><li>removed config-level configuration for checks like max/min memory settings</li> <li>changed severity <code>error</code> to <code>danger</code></li></ul></li> <li>Breaking changes to the CLI
<ul><li>CLI flag <code>--set-exit-code-on-error</code> is now <code>--set-exit-code-on-danger</code></li> <li>Flags <code>--version</code>, <code>--dashboard</code>, <code>--webhook</code>, and <code>--audit</code> are now arguments</li> <li>Port flags are now just <code>--port</code></li></ul></li></ul> <h2 id="_0-6-0"><a href="#_0-6-0" class="header-anchor">#</a> 0.6.0</h2> <ul><li>Fixed webhook support in Kubernetes 1.16
<ul><li>this also removes support for 1.8</li></ul></li> <li>Added support for exemptions via controller annotations</li></ul> <h2 id="_0-5-2"><a href="#_0-5-2" class="header-anchor">#</a> 0.5.2</h2> <ul><li>Fixed missing success messages for resource requests/limits</li></ul> <h2 id="_0-5-1"><a href="#_0-5-1" class="header-anchor">#</a> 0.5.1</h2> <ul><li>Added a few more exemptions</li> <li>Started checking exemptions based on controller name prefix</li> <li><code>runAsUser != 0</code> now passes the <code>runAsNonRoot</code> check</li></ul> <h2 id="_0-5-0"><a href="#_0-5-0" class="header-anchor">#</a> 0.5.0</h2> <ul><li>Added <code>--load-audit-file</code> flag to run the dashboard from an existing audit</li> <li>Added an <code>ID</code> field to each check in the output</li> <li>Skip health checks for jobs, cronjobs, initcontainers</li> <li>Added support for exemptions</li> <li>Fixed dashboard base path option</li></ul> <h2 id="_0-4-0"><a href="#_0-4-0" class="header-anchor">#</a> 0.4.0</h2> <ul><li>Added additional Pod Controllers to scan PodSpec (<code>jobs</code>, <code>cronjobs</code>, <code>daemonsets</code>, <code>replicationcontrollers</code>)</li></ul> <h2 id="_0-3-1"><a href="#_0-3-1" class="header-anchor">#</a> 0.3.1</h2> <ul><li>Changed dashboard branding to refer to new org name Fairwinds</li></ul> <h2 id="_0-3-0"><a href="#_0-3-0" class="header-anchor">#</a> 0.3.0</h2> <ul><li>Added <code>--set-exit-code-on-error</code> and <code>--set-exit-code-below-score</code> flags to better support CI/CD</li></ul> <h2 id="_0-2-1"><a href="#_0-2-1" class="header-anchor">#</a> 0.2.1</h2> <ul><li><a href="https://github.com/FairwindsOps/polaris/issues/146" target="_blank" rel="noopener noreferrer">Fix<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>: Fixed logic on RunAsNonRoot check to incorporate settings in podSpec</li></ul> <h2 id="_0-2-0"><a href="#_0-2-0" class="header-anchor">#</a> 0.2.0</h2> <ul><li>Added <code>--output-format</code> flag for better CI/CD support</li> <li>Added <code>--display-name</code> flag</li> <li>Added support for StatefulSets</li> <li>Show error message if no kubeconfig is set</li></ul> <h2 id="_0-1-5"><a href="#_0-1-5" class="header-anchor">#</a> 0.1.5</h2> <ul><li><a href="https://github.com/FairwindsOps/polaris/issues/125" target="_blank" rel="noopener noreferrer">Fix<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>: ignore limits/requests for initContainers</li> <li><a href="https://github.com/FairwindsOps/polaris/issues/132" target="_blank" rel="noopener noreferrer">Fix<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>: support custom base path</li></ul> <h2 id="_0-1-4"><a href="#_0-1-4" class="header-anchor">#</a> 0.1.4</h2> <ul><li><a href="https://github.com/FairwindsOps/polaris/issues/116" target="_blank" rel="noopener noreferrer">Fix<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>: details pages getting template errors</li> <li><a href="https://github.com/FairwindsOps/polaris/issues/114" target="_blank" rel="noopener noreferrer">Fix<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>: support all auth providers</li> <li><a href="https://github.com/FairwindsOps/polaris/issues/112" target="_blank" rel="noopener noreferrer">Fix<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>: Ignore readiness probe for initContainers</li></ul> <h2 id="_0-1-3"><a href="#_0-1-3" class="header-anchor">#</a> 0.1.3</h2> <ul><li><a href="https://github.com/FairwindsOps/polaris/issues/109" target="_blank" rel="noopener noreferrer">Fix<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>: dashboard not updating when running persistently</li></ul> <h2 id="_0-1-2"><a href="#_0-1-2" class="header-anchor">#</a> 0.1.2</h2> <ul><li>Stored all third-party assets (e.g. Charts.js) to local files to support offline dashboard viewing</li> <li>Fix: custom configs in <code>ConfigMap</code> not respected</li></ul> <h2 id="_0-1-1"><a href="#_0-1-1" class="header-anchor">#</a> 0.1.1</h2> <ul><li><a href="https://github.com/FairwindsOps/polaris/issues/93" target="_blank" rel="noopener noreferrer">Fix<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>: missing <code>config.yaml</code> and dashboard assets in binary releases</li> <li>Added some tests and better error handling</li></ul> <h2 id="_0-1-0"><a href="#_0-1-0" class="header-anchor">#</a> 0.1.0</h2> <ul><li>Dashboard fully functional</li> <li>Validating webhook functional, but still considered beta</li> <li>Checks:
<ul><li>Health
<ul><li>readiness probe missing</li> <li>liveness probe missing</li></ul></li> <li>Images
<ul><li>tag not specified</li> <li>pull policy not always</li></ul></li> <li>Networking
<ul><li>host network set</li> <li>host port set</li></ul></li> <li>Resources
<ul><li>cpu/memory requests missing</li> <li>cpu/memory limits missing</li> <li>cpu/memory ranges exceeded</li></ul></li> <li>Security
<ul><li>security capabilities</li> <li>host IPC set</li> <li>host PID set</li> <li>not read-only fs</li> <li>privilege escalation allowed</li> <li>run as root allowed</li> <li>run as privileged</li></ul></li></ul></li></ul></div> <footer class="page-edit"><div class="edit-link"><a href="https://github.com/FairwindsOps/polaris/edit/master/docs-md/changelog.md" target="_blank" rel="noopener noreferrer">Help us improve this page</a> <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></div> <!----></footer> <div class="page-nav"><p class="inner"><!----> <span class="next"><a href="/code-of-conduct/">
        Code of Conduct
      </a>
      →
    </span></p></div> <div class="custom-footer"><div class="left-footer"><a href="https://fairwinds.com" target="_blank">Learn more about Fairwinds</a> <a href="https://fairwinds.com/insights" target="_blank">Try Fairwinds Insights</a></div> <div class="right-footer"><a href="https://www.fairwinds.com/privacy-policy" target="_blank">Privacy Policy</a></div></div></main></div><div class="global-ui"></div></div>
    <script src="/assets/js/app.65b94829.js" defer></script><script src="/assets/js/3.0cb25b42.js" defer></script><script src="/assets/js/2.28adca5d.js" defer></script><script src="/assets/js/10.9d1a1701.js" defer></script>
  </body>
</html>
